Merge pull request #105 from currite/openvpn_reneg

Openvpn reneg
author: Christian Poessinger <christian@poessinger.com> 2019-09-17 05:39:01 +0200
committer: GitHub <noreply@github.com> 2019-09-17 05:39:01 +0200
commit: 6ae968116ca045551133b1623788f917ce20b1b2 (patch)
tree: a87010c1baf88603834693cbc5067a83e01c71a1 /docs/vpn
parent: 5468ffd289770021b3f57cfac4cea8ed8085de29 (diff)
parent: 8a9b0b66cce423835674674daf44f2d00f4abe00 (diff)
download: vyos-documentation-6ae968116ca045551133b1623788f917ce20b1b2.tar.gz
vyos-documentation-6ae968116ca045551133b1623788f917ce20b1b2.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/docs/vpn/openvpn.rst b/docs/vpn/openvpn.rst
index 84dfec6d..e252d016 100644
--- a/docs/vpn/openvpn.rst
+++ b/docs/vpn/openvpn.rst
@@ -175,6 +175,10 @@ First we need to specify the basic settings. 1194/UDP is the default. The
 `persistent-tunnel` option is recommended, it prevents the TUN/TAP device from
 closing on connection resets or daemon reloads.
 
+
+.. note:: Using **openvpn-option -reneg-sec** can be tricky. This option is used to renegotiate data channel after n seconds. When used at both server and client, the lower value will trigger the renegotiation. If you set it to 0 on one side of the connection (to disable it), the chosen value on the other side will determine when the renegotiation will occur.
+
+
 .. code-block:: sh
 
   set interfaces openvpn vtun10 mode server
author	Christian Poessinger <christian@poessinger.com>	2019-09-17 05:39:01 +0200
committer	GitHub <noreply@github.com>	2019-09-17 05:39:01 +0200
commit	6ae968116ca045551133b1623788f917ce20b1b2 (patch)
tree	a87010c1baf88603834693cbc5067a83e01c71a1 /docs/vpn
parent	5468ffd289770021b3f57cfac4cea8ed8085de29 (diff)
parent	8a9b0b66cce423835674674daf44f2d00f4abe00 (diff)
download	vyos-documentation-6ae968116ca045551133b1623788f917ce20b1b2.tar.gz vyos-documentation-6ae968116ca045551133b1623788f917ce20b1b2.zip